CVE-2024-6522

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Aug 7, 2024

CWE ID 918

Summary

CVE-2024-6522 is a Server-Side Request Forgery (SSRF) vulnerability affecting the Modern Events Calendar plugin for WordPress. This issue, present in all versions up to 7.12.1, allows authenticated attackers with Subscriber-level access or higher to issue unauthorized web requests. By exploiting this flaw, attackers can potentially query or modify information from internal services, putting sensitive data at risk. The vulnerability stems from the 'mec_fes_form' AJAX function and poses a significant threat to WordPress installations using this plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/w0looS
https://www.cve.org/CVERecord?id=CVE-2024-6522
https://nvd.nist.gov/vuln/detail/CVE-2024-6522

Back to Vulnerability Database

CVE-2024-6522

CVSS 3.1 Score 8.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations